Creating security group default rules
POST /v2.0/default-security-group-rules
Create a security group rule template.
The security group rule template API does not validate UUIDs of the remote_address_group_id and remote_group_id resources. If you specify the UUID of a non-existing security group or remote address group, this will cause errors during security group creation.
Source: https://docs.openstack.org/api-ref/network/v2/index.html#create-security-group-default-rule
Request
Parameters
Name | In | Type | Description |
---|---|---|---|
default_security_group_rule | body | object | A default_security_group_rule object. |
description (Optional) | body | string | A human-readable description for the resource. Default is an empty string. |
remote_group_id (Optional) | body | string | The remote group UUID to associate with this security group rule. You can specify either the remote_group_id or remote_ip_prefix attribute in the request body. |
direction | body | string | Ingress or egress, which is the direction in which the security group rule is applied. |
protocol (Optional) | body | string | The IP protocol can be represented by a string, an integer, or null. Valid string or integer values are any or 0, ah or 51, dccp or 33, egp or 8, esp or 50, gre or 47, icmp or 1, icmpv6 or 58, igmp or 2, ipip or 4, ipv6-encap or 41, ipv6-frag or 44, ipv6-icmp or 58, ipv6-nonxt or 59, ipv6-opts or 60, ipv6-route or 43, ospf or 89, pgm or 113, rsvp or 46, sctp or 132, tcp or 6, udp or 17, udplite or 136, vrrp or 112. Additionally, any integer value between [0-255] is also valid. The string any (or integer 0) means all IP protocols. |
ethertype (Optional) | body | string | Must be IPv4 or IPv6, and addresses represented in CIDR must match the ingress or egress rules. |
port_range_max (Optional) | body | integer | The maximum port number in the range that is matched by the security group rule. If the protocol is TCP, UDP, DCCP, SCTP or UDP-Lite this value must be greater than or equal to the port_range_min attribute value. If the protocol is ICMP, this value must be an ICMP code. |
port_range_min (Optional) | body | integer | The minimum port number in the range that is matched by the security group rule. If the protocol is TCP, UDP, DCCP, SCTP, or UDP-Lite, this value must be less than or equal to the port_range_max attribute value. If the protocol is ICMP, this value must be an ICMP type. |
remote_ip_prefix (Optional) | body | string | The remote IP prefix that is matched by this security group rule. |
used_in_default_sg | body | boolean | Indicates whether this security group rule template will be used in the default security group created automatically for each new project. |
used_in_non_default_sg | body | boolean | Indicates whether this security group rule template will be used in custom security groups created by a project user. |
Example
```
# curl -ks -H 'Content-Type: application/json' -H 'X-Auth-Token: gAAAAA<...>' -d '
{
    "default_security_group_rule": {
        "direction": "ingress",
        "port_range_min": "80",
        "ethertype": "IPv4",
        "port_range_max": "80",
        "protocol": "tcp",
        "used_in_default_sg": "true",
        "used_in_non_default_sg": "true"
    }
}' https://<node_IP_addr>:9696/v2.0/default-security-group-rules
```
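Because the API does not check that remote_group_id and remote_address_group_id refer to existing resources, a client can run the check itself before sending the request. The following is an added example, not code from this page or from the OpenStack project: `validate_template` and `known_ids` are hypothetical names, and the example assumes the caller has already collected the UUIDs of existing security groups and address groups.

```python
import ipaddress

# Protocol names and port-based protocols from the request parameter table.
PROTOCOLS = set("any ah dccp egp esp gre icmp icmpv6 igmp ipip ipv6-encap ipv6-frag "
                "ipv6-icmp ipv6-nonxt ipv6-opts ipv6-route ospf pgm rsvp sctp tcp "
                "udp udplite vrrp".split())
PORT_PROTOCOLS = {"tcp", "6", "udp", "17", "dccp", "33", "sctp", "132", "udplite", "136"}

# Constructed sample: the page's request body plus a placeholder remote_group_id.
SAMPLE = {"default_security_group_rule": {
    "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
    "port_range_min": "80", "port_range_max": "80",
    "used_in_default_sg": "true", "used_in_non_default_sg": "true",
    "remote_group_id": "00000000-0000-4000-8000-000000000001"}}


def validate_template(body, known_ids):
    """Return problems in a default_security_group_rule body; known_ids (assumed)
    maps each remote ID field to the set of UUIDs already confirmed to exist."""
    rule, errors = body.get("default_security_group_rule") or {}, []
    if rule.get("direction") not in ("ingress", "egress"):
        errors.append("direction must be ingress or egress")
    ethertype = rule.get("ethertype")
    if ethertype not in (None, "IPv4", "IPv6"):
        errors.append("ethertype must be IPv4 or IPv6")
    proto = None if rule.get("protocol") is None else str(rule["protocol"]).lower()
    if proto and proto not in PROTOCOLS and not (proto.isdecimal() and int(proto) <= 255):
        errors.append(f"unsupported protocol {proto!r}")
    ports = [rule.get("port_range_min"), rule.get("port_range_max")]
    if proto in PORT_PROTOCOLS and None not in ports:
        if not all(str(p).isdecimal() for p in ports):
            errors.append("port range values must be integers")
        elif int(ports[0]) > int(ports[1]):
            errors.append("port_range_min exceeds port_range_max")
    if rule.get("remote_group_id") and rule.get("remote_ip_prefix"):
        errors.append("set either remote_group_id or remote_ip_prefix, not both")
    for field in ("remote_group_id", "remote_address_group_id"):
        value = rule.get(field)
        if value is not None and str(value) not in known_ids.get(field, set()):
            errors.append(f"{field} does not exist: {value}")
    prefix = rule.get("remote_ip_prefix")
    if prefix is not None:
        try:
            version = ipaddress.ip_network(str(prefix), strict=False).version
            if ethertype and ethertype != f"IPv{version}":
                errors.append("remote_ip_prefix does not match ethertype")
        except ValueError:
            errors.append("remote_ip_prefix is not a valid CIDR")
    return errors
```

An empty list means the body passed every check; any entry names the field to fix before the template is created.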
Response
Parameters
Name | In | Type | Description |
---|---|---|---|
default_security_group_rule | body | object | A default_security_group_rule object. |
id | body | string | The ID of the security group rule. |
description | body | string | A human-readable description for the resource. |
remote_group_id | body | string | The remote group UUID to associate with this security group rule. |
remote_address_group_id | body | string | The remote address group UUID that is associated with this security group rule. |
direction | body | string | Ingress or egress, which is the direction in which the security group rule is applied. |
protocol | body | string | The IP protocol represented by a string, an integer, or null. The string any (or integer 0) means all IP protocols. |
ethertype | body | string | Ethertype: IPv4 or IPv6. |
port_range_max | body | integer | The maximum port number in the range that is matched by the security group rule. |
port_range_min | body | integer | The minimum port number in the range that is matched by the security group rule. |
remote_ip_prefix | body | string | The remote IP prefix that is matched by this security group rule. |
used_in_default_sg | body | boolean | Indicates whether this security group rule template will be used in the default security group created automatically for each new project. |
used_in_non_default_sg | body | boolean | Indicates whether this security group rule template will be used in custom security groups created by a project user. |
Status codes
Success
Code | Reason |
---|---|
201 - Created | Resource was created and is ready to use. |
Error
Code | Reason |
---|---|
400 - Bad Request | Some content in the request was invalid. |
401 - Unauthorized | User must authenticate before making a request. |
404 - Not Found | The requested resource could not be found. |
409 - Conflict | This operation conflicted with another operation on this resource. |
Example
```
{
    "default_security_group_rule": {
        "id": "eb8ad926-f5c9-4371-b35f-e69563b695ac",
        "ethertype": "IPv4",
        "direction": "ingress",
        "protocol": "tcp",
        "port_range_min": 80,
        "port_range_max": 80,
        "remote_ip_prefix": null,
        "remote_address_group_id": null,
        "remote_group_id": null,
        "description": "",
        "used_in_default_sg": true,
        "used_in_non_default_sg": true
    }
}
```